{"id":13478,"date":"2026-06-09T10:03:38","date_gmt":"2026-06-09T10:03:38","guid":{"rendered":"https:\/\/serisec.com\/index.php\/2026\/06\/09\/threat-actors-abuse-chatgpt-claude-and-deepseek-brands-as-phishing-lures-to-steal-credentials\/"},"modified":"2026-06-09T10:03:38","modified_gmt":"2026-06-09T10:03:38","slug":"threat-actors-abuse-chatgpt-claude-and-deepseek-brands-as-phishing-lures-to-steal-credentials","status":"publish","type":"post","link":"https:\/\/serisec.com\/index.php\/2026\/06\/09\/threat-actors-abuse-chatgpt-claude-and-deepseek-brands-as-phishing-lures-to-steal-credentials\/","title":{"rendered":"Threat Actors Abuse ChatGPT, Claude, and DeepSeek Brands as Phishing Lures to Steal Credentials"},"content":{"rendered":"

Threat Actors Abuse ChatGPT, Claude, and DeepSeek Brands as Phishing Lures to Steal Credentials
\n \t

\n
<\/BR>
\n
\n \t

\n
<\/BR><\/p>\n

\n

Cybercriminals have found a clever new trick: turning the world\u2019s most popular AI tools into traps. By disguising phishing attacks with the branding of platforms like ChatGPT, Claude, and DeepSeek, threat actors are luring users into handing over login credentials, credit card numbers, and authentication tokens.<\/p>\n

The surge in AI adoption has given attackers fertile ground to exploit. Millions of people now rely on AI assistants daily, and many are still learning what legitimate communications from these platforms look like. <\/p>\n

This creates the perfect window for fraud. Attackers dress up a fake page or email to resemble a trusted AI platform, and a significant number of people click without a second thought.<\/p>\n

Microsoft Threat Intelligence analysts identified and documented several of these campaigns that unfolded in early 2026. <\/p>\n

Microsoft said in a report<\/a> shared with\u00a0Cyber Security News (CSN)\u00a0that these campaigns do not represent any actual breach of the AI services themselves. <\/p>\n

They are pure social engineering operations that borrow trusted brand names to push users into clicking a link, opening a PDF, or downloading a file.<\/p>\n

What makes these attacks harder to stop is that attackers route victims through real, trusted services before reaching the malicious destination. <\/p>\n

\n
\"Attack
Attack chain of ChatGPT-themed lure leading to phishing kit (Source \u2013 Microsoft)<\/figcaption><\/figure>\n<\/div>\n

Platforms like URL shorteners, CRM tools, and GitHub are layered into the chain to avoid detection. By the time someone realizes something is wrong, their information may already be gone.<\/p>\n

The consequences are serious, as thousands of organizations across multiple countries have been targeted, with victims losing credit card data, account access, and authentication tokens that hand attackers a direct entry point<\/a> into corporate systems.<\/p>\n

Threat Actors Abuse ChatGPT, Claude, and DeepSeek Brands<\/strong><\/h2>\n

The ChatGPT-themed campaign detected on May 5, 2026 shows how this works in practice. <\/p>\n

Attackers sent around 4,500 emails to targets in South Africa, warning that their ChatGPT Plus subscription would be downgraded unless they updated their payment method within seven days. <\/p>\n

The emails carried the ChatGPT logo and a clickable update button that looked entirely legitimate.<\/p>\n

That button did not send users directly to a malicious site. Victims were bounced through a CRM service, an Amazon tracking domain, and a URL shortener before landing on a compromised website where a fake payment page sat inside a subfolder. <\/p>\n

\n
\"Phishing
Phishing landing page collecting name and address (Source \u2013 Microsoft)<\/figcaption><\/figure>\n<\/div>\n

The page showed a fake CAPTCHA to filter automated scanners, then collected personal details<\/a> and full credit card information across two steps.<\/p>\n

The Claude-themed campaign ran from April 20 to 22, 2026, reaching more than 2,000 organizations in the United States, the United Kingdom, and India. <\/p>\n

\n
\"Attack
Attack chain of Claude-themed phishing campaign leading to AiTM (Source \u2013 Microsoft)<\/figcaption><\/figure>\n<\/div>\n

Emails claimed the recipient\u2019s account had violated usage policies, with a PDF named \u201cFill and Sign Claude Appeal Form.pdf\u201d directing users to an attacker-controlled domain. <\/p>\n

\n
\"Attack
Attack chain for \u201cAwesome AI Windows plugin\u201d malvertising leading to Vidar (Source \u2013 Microsoft)<\/figcaption><\/figure>\n<\/div>\n

Victims were pushed through fake verification screens before being redirected toward what appeared to be a Microsoft sign-in page designed to steal access tokens.<\/p>\n

Fake DeepSeek Installer and Malvertising Drop Vidar<\/strong><\/h2>\n

In April 2026, attackers moved fast after DeepSeek previewed its V4 model. <\/p>\n

Within 45 minutes, a fake GitHub organization called DeepSeek-V4 was live, loaded with stolen branding, real benchmark data, and search-optimized tags designed to rank high in both traditional and AI-assisted search results. <\/p>\n

Users who downloaded the archives received a loader that silently installed Vidar infostealer on their devices.<\/p>\n

A separate malvertising campaign linked to Storm-3075<\/a> pushed a fake product called \u201cAwesome AI Windows Plugin\u201d through free movie streaming sites. <\/p>\n

\n
\"Fake
Fake DeepSeek V4 campaign timeline and attack chain (Source \u2013 Microsoft)<\/figcaption><\/figure>\n<\/div>\n

The download was a fraudulently code-signed executable tied to Fox Tempest, a group running a malware-signing service used by multiple criminal actors. <\/p>\n

Once users launched the file and clicked a \u201cContinue\u201d prompt, a Python downloader quietly fetched Vidar from an attacker-controlled server.<\/p>\n

To reduce exposure, users and organizations should enable multi-factor authentication on all accounts and avoid clicking links or downloading files from unsolicited emails. <\/p>\n

AI platform communications should always be verified by visiting the official website directly. Organizations should also deploy email link scanning tools and solutions that detect and block phishing pages before users ever reach the malicious content.<\/p>\n

Indicators of Compromise (IoCs):-<\/strong><\/p>\n

\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n
Type<\/th>\nIndicator<\/th>\nDescription<\/th>\n<\/tr>\n<\/thead>\n
SHA-256<\/td>\n791efb555eefb7215e96659a1353a97416743b66bdd72705493129c64057d40e<\/td>\nFile hash for attachment: Fill and Sign Claude Appeal Form.pdf<\/td>\n<\/tr>\n
URL<\/td>\nhxxp:\/\/dash.awaydouble[.]org\/0v2auth<\/td>\nURL inside the Claude phishing PDF attachment<\/td>\n<\/tr>\n
URL<\/td>\nhxxps:\/\/github[.]com\/shippingtechnologymovie\/AI-techVideos\/releases\/download\/13123\/ProFluxeFlowAi-win-Setup.exe<\/td>\nFraudulent GitHub repository (taken down) hosting malware executable<\/td>\n<\/tr>\n
SHA-256<\/td>\nc7c5072df9f83f4c440a5c3bb4be1d5f6c67bbf78f196406ca20d27b43b975b8<\/td>\nFile hash for ProFluxeFlowAi-win-Setup.exe<\/td>\n<\/tr>\n
Signer SHA-1<\/td>\n4f5c5b3ef45cfff7721754487a86aeff9a2e6e32<\/td>\nFraudulent code-signing certificate (Fox Tempest)<\/td>\n<\/tr>\n
Domain<\/td>\nbrokeapt[.]com<\/td>\nAttacker-controlled C2 domain for Python loader<\/td>\n<\/tr>\n
Domain<\/td>\npan.ssffaa19[.]xyz<\/td>\nVidar C2 domain<\/td>\n<\/tr>\n
Domain<\/td>\npan.rongtv[.]xyz<\/td>\nVidar C2 domain<\/td>\n<\/tr>\n
URL<\/td>\nhxxps:\/\/github[.]com\/DeepSeek-V4\/deepseek-V4\/releases\/download\/deepseek-V4\/deepseek-v4-pro_x64.7z<\/td>\nFraudulent DeepSeek GitHub repository (taken down)<\/td>\n<\/tr>\n
SHA-256<\/td>\n0a26238f6c516de5885457c93042531aa59bc206a9537cebf5267cedc6c68531<\/td>\ndeepseek-v4-pro_x64.7z (v1)<\/td>\n<\/tr>\n
SHA-256<\/td>\n8610d4fb0ec5b525071c2aaec4df0f8fcbb3673aba58a7e1959fc44e83c0e2ca<\/td>\ndeepseek-v4-flash_x64.7z (v1)<\/td>\n<\/tr>\n
SHA-256<\/td>\n99231deb373997364381d1eb513d2d42231d418c3a2db9007c5af9bd56ab9371<\/td>\ndeepseek-v4-flash_x64.7z (v2)<\/td>\n<\/tr>\n
SHA-256<\/td>\n25270cc429ada8028b5b33220ed412c47907ecceea7377d608fac5af01bed56a<\/td>\ndeepseek-v4-pro_x64.7z (v2)<\/td>\n<\/tr>\n
SHA-256<\/td>\n56d722b0331bf0aaa86bb37483486c6dff6ad9427fc473ed7c3226c21a9bdd23<\/td>\nDeepSeek-specific extracted PE (deepseek-v4-pro_x64.exe, deepseek-v4-flash_x64.exe, VectorEngine.exe)<\/td>\n<\/tr>\n
SHA-256<\/td>\n5455341ed1bbe75a664fca2dd0794c508e1874f75360253a7ff5bc119bc92d80<\/td>\nShared loader observed under multiple AI-brand lure names<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<\/figure>\n

Note:<\/strong>\u00a0IP addresses and domains are intentionally defanged (e.g.,\u00a0<\/em>[.]<\/em><\/code>) to prevent accidental resolution or hyperlinking. Re-fang only within controlled threat intelligence platforms such as MISP, VirusTotal, or your SIEM<\/em>.<\/p>\n

Follow us on\u00a0Google News<\/a>,\u00a0LinkedIn<\/a>,\u00a0and\u00a0X<\/a>\u00a0to Get More Instant Updates<\/strong>,\u00a0Set CSN as a Preferred Source in<\/strong><\/strong><\/strong><\/strong><\/strong><\/strong><\/strong><\/strong><\/strong><\/strong><\/strong><\/strong><\/strong><\/strong><\/strong><\/strong><\/strong><\/strong><\/strong><\/strong><\/strong><\/strong><\/strong><\/strong><\/strong><\/strong><\/strong><\/strong><\/strong><\/strong><\/strong><\/strong> Google<\/a><\/strong><\/strong>.<\/strong><\/strong><\/strong><\/strong><\/strong><\/strong><\/strong><\/strong><\/strong><\/strong><\/strong><\/strong><\/strong><\/strong><\/strong><\/strong><\/strong><\/strong><\/strong><\/strong><\/strong><\/strong><\/strong><\/strong><\/strong><\/strong><\/strong><\/strong><\/strong><\/strong><\/strong><\/strong><\/p>\n

The post Threat Actors Abuse ChatGPT, Claude, and DeepSeek Brands as Phishing Lures to Steal Credentials<\/a> appeared first on Cyber Security News<\/a>.<\/p>\n<\/div>\n

\t

\n
<\/BR>
\n Tushar Subhra Dutta
\n \t

\n
<\/BR>
\nGo to cyber-security-news<\/a>
\n \t

\n
<\/BR><\/p>\n","protected":false},"excerpt":{"rendered":"

Threat Actors Abuse ChatGPT, Claude, and DeepSeek Brands as Phishing Lures to Steal Credentials Cybercriminals have found a clever new trick: turning the world\u2019s most popular AI tools into traps. By disguising phishing attacks with the branding of platforms like ChatGPT, Claude, and DeepSeek, threat actors are luring users into handing over login credentials, credit […]<\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[129,63,649],"tags":[130],"class_list":["post-13478","post","type-post","status-publish","format-standard","hentry","category-cyber-security","category-cyber-security-news","category-threats","tag-cyber-security-news"],"_links":{"self":[{"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/posts\/13478"}],"collection":[{"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/comments?post=13478"}],"version-history":[{"count":0,"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/posts\/13478\/revisions"}],"wp:attachment":[{"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/media?parent=13478"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/categories?post=13478"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/tags?post=13478"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}